CLAIM AMENDMENTS 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1. (Withdrawn) A method for securely transferring data across an optical- switched 
(OS) network, comprising: 

distributing security keys to edge nodes in the OS network; 

encrypting, at a source edge node, data to be sent from the source edge node to a 
destination edge node, said data encrypted with a security key distributed to the source 
node; 

sending the data along a virtual lightpath between the source and destination 
edge nodes, the virtual lightpath spanning at least one lightpath segment; and 

decrypting, at the destination edge node, the encrypted data that are sent. 

2. (Withdrawn) The method of claim 1, wherein the OS network comprises an 
optical burst- switched (OBS) network. 

3. (Withdrawn) The method of claim 2, wherein the OBS network comprises a 
photonic burst- switched (PBS) network. 

4. (Withdrawn) The method of claim 2, wherein the PBS network comprises a 
wavelength-division multiplexed (WDM) PBS network. 

5. (Withdrawn) The method of claim 1, wherein the security keys are distributed by 
distributing a common decryption and encryption key pair to each of the edge nodes. 
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6. (Withdrawn) The method of claim 1, wherein the security keys are distributed 
by: 

distributing a respective decryption key to each of the edge nodes, each 
respective decryption key being particular to its node; and 

distributing respective sets of encryption keys to each node, each set of 
encryption keys for a given node including encryption keys corresponding to the 
decryption keys distributed to each of the other edge nodes. 

7. (Withdrawn) The method of claim 1, wherein the security keys are distributed 
by: 

distributing a respective private key to each of the edge nodes, each respective 
private key being particular to its node; and 

distributing respective sets of digital certificates sets to each node, each set of 
digital certificates for a given node containing a set of public keys corresponding to the 
private keys distributed to each of the other edge nodes. 

8. (Withdrawn) The method of claim 6, further comprising self-generating the 
digital certificates. 

9. (Withdrawn) The method of claim 8, further comprising: 
for each edge node, 

self-generating an digital certificate containing a public key that is asymmetric to 
the private key for the edge node; and 

sending the digital certificate to each of the other edge nodes. 

10. (Withdrawn) The method of claim 9, further comprising: 
for at least one node, 
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generating a private key for the edge node via key- generation facilities provided 
by the edge node; and 

generating the public key for the edge node via the key- generation facilities. 

1 1 . (Withdrawn) The method of claim 7, further comprising: 

sending security data to a certificate authority, the security data defining public 
keys that are to be included in respective digital certificates; and 

receiving authenticated digital certificates from the certificate authority. 

12. (Withdrawn) The method of claim 11, wherein the security data is sent from an 
administrator of the OBS network. 

13. (Withdrawn) The method of claim 9, further comprising: 
generating a respective set of security data at each edge node; and 

sending the respective set of security data from each edge node to the certificate 
authority. 

14. (Withdrawn) The method of claim 1, further comprising sending security keys to 
the edge nodes using a communication channel that is external to the OBS network to 
distribute the security keys. 

15. (Withdrawn) The method of claim 1, further comprising sending security keys to 
the edge nodes using an out-of-band channel of the OBS network to distribute the 
security keys. 
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16. (Withdrawn) The method of claim 15, further comprising sending security data 
via a control burst for the OBS network, the security data including one or more security 
keys or containing information from which one or more security keys can be derived. 

17. (Withdrawn) The method of claim 1, further comprising sending information to 
each edge node identifying at least one of an encryption algorithm and decryption 
algorithm to be employed to encrypt and/or decrypt the data via the security keys. 

18. (Withdrawn) The method of claim 17, further comprising sending encryption 
and/or decryption code to an edge node, the encryption and/or decryption code to be 
executed to perform encryption and/or decryption operations. 

19. (Currently Amended) A tangible machine-readable medium to provide 
instructions, which when executed by a processor in a source edge node of an optical 
switched (OS) network cause the source edge node to perform operations including: 

encrypting data to be sent to a destination edge node; 

generating a control burst, the control burst containing information to reserve 
network resources to form a virtual lightpath between the source edge node and the 
destination edge node during a scheduled timeslot, the virtual lightpath including at least 
one lightpath segment; 

adding information to the control burst identifying indicating whether or not one 
or more data bursts to be sent from the source edge node to the destination edge node 
will be encrypted; 

sending the control burst to a first hop along the virtual lightpath, the first hop 
comprising one of a switching node or the destination edge node; and 

sending said one or more data bursts containing the data that are encrypted to the 
first hop along the virtual lightpath during the scheduled timeslot. 
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20. (Previously Presented) The tangible machine-readable medium of claim 19, 
wherein execution of the instructions further perform the operation of sending an 
encryption key to each of a plurality of edge nodes in the OS network. 

21. (Previously Presented) The tangible machine-readable medium of claim 20, 
wherein execution of the instructions performs the operation of sending the encryption 
key to an edge node by: 

generating a control burst containing security data including the encryption key 
or data from which the encryption key can be derived; and 

sending the control burst to a first hop along a virtual lightpath coupling the edge 
node sending the control burst to an edge node receiving the control burst, the first hop 
comprising one of the edge node receiving the control burst or a switching node. 

22. (Previously Presented) The tangible machine-readable medium of claim 21, 
wherein the security data include an digital certificate. 

23. (Previously Presented) The tangible machine-readable medium of claim 22, 
wherein execution of the instructions perf orms the further operation of generating a self- 
signed digital certificate. 

24. (Previously Presented) The tangible machine-readable medium of claim 21, 
wherein the security data include one of information identifying an encryption algorithm 
used to encrypt the data or executable code that may be used to decrypt the certificate. 
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25. (Previously Presented) The tangible machine-readable medium of claim 20, 
wherein an encryption key is sent to an edge node via a communication channel that is 
external from the OS network. 

26. (Previously Presented) The tangible machine-readable medium of claim 19, 
wherein execution of the instructions performs further operations including: 

generating an encryption key, the encryption key to be used to encrypt the data; 

and 

generating a decryption key corresponding to the encryption key. 

27. (Currently Amended) The tangible machine-readable medium of claim [[20]]_26, 
wherein execution of the instructions performs further operations including: 

generating security data including the decryption key and identifying the 
decryption key as a public key, the security data comprising data from which an digital 
certificate may be issued; and 

sending the security data to a certificate authority. 

28. -38. (Canceled) 
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